Remove usage of the "firewall_driver" in the neutron server

Back in Newton, patch [1] added to the agents possibility to report in
the heartbeat messages if hybrid plug of the ports is required or not.
Usage of "firewall_driver" option by mechanism drivers (so on the
server's side) was kept just for backward compatibility.
But as we are now about 4 years from the [1] I think it should be safe
to do small cleaning, remove usage of this option in the neutron server
and not confuse users where this config option has to be set and why.

[1] https://review.opendev.org/#/c/311814/

Change-Id: I2ccc4c8784c64858acaa3c3431cf9a3d13e5e154
changes/51/726351/2
Slawek Kaplonski 2 years ago
parent cb55643a06
commit 740ab628f4
  1. 16
      neutron/plugins/ml2/drivers/openvswitch/mech_driver/mech_openvswitch.py
  2. 32
      neutron/tests/unit/plugins/ml2/drivers/openvswitch/mech_driver/test_mech_openvswitch.py
  3. 9
      releasenotes/notes/Remove-firewall_driver-option-from-neutron-server-920564ec77503631.yaml

@ -56,13 +56,7 @@ class OpenvswitchMechanismDriver(mech_agent.SimpleAgentMechanismDriverBase):
def __init__(self):
sg_enabled = securitygroups_rpc.is_firewall_enabled()
hybrid_plug_required = (
not cfg.CONF.SECURITYGROUP.firewall_driver or
cfg.CONF.SECURITYGROUP.firewall_driver in (
IPTABLES_FW_DRIVER_FULL, 'iptables_hybrid')
) and sg_enabled
vif_details = {portbindings.CAP_PORT_FILTER: sg_enabled,
portbindings.OVS_HYBRID_PLUG: hybrid_plug_required,
portbindings.VIF_DETAILS_CONNECTIVITY:
portbindings.CONNECTIVITY_L2}
# NOTE(moshele): Bind DIRECT (SR-IOV) port allows
@ -185,12 +179,10 @@ class OpenvswitchMechanismDriver(mech_agent.SimpleAgentMechanismDriverBase):
a_config = agent['configurations']
vif_type = self.get_vif_type(context, agent, segment=None)
if vif_type != portbindings.VIF_TYPE_VHOST_USER:
details = dict(self.vif_details)
hybrid = portbindings.OVS_HYBRID_PLUG
if hybrid in a_config:
# we only override the vif_details for hybrid plugging set
# in the constructor if the agent specifically requests it
details[hybrid] = a_config[hybrid]
details = {
**self.vif_details,
portbindings.OVS_HYBRID_PLUG: a_config.get(
portbindings.OVS_HYBRID_PLUG)}
else:
sock_path = self.agent_vhu_sockpath(agent, context.current['id'])
caps = a_config.get('ovs_capabilities', {})

@ -44,6 +44,7 @@ class OpenvswitchMechanismBaseTestCase(base.AgentMechanismBaseTestCase):
GOOD_TUNNEL_TYPES = ['gre', 'vxlan']
GOOD_CONFIGS = {'bridge_mappings': GOOD_MAPPINGS,
'integration_bridge': 'br-int',
portbindings.OVS_HYBRID_PLUG: True,
'tunnel_types': GOOD_TUNNEL_TYPES}
BAD_MAPPINGS = {'wrong_physical_network': 'wrong_bridge'}
@ -119,6 +120,16 @@ class OpenvswitchMechanismSGDisabledBaseTestCase(
portbindings.VIF_DETAILS_CONNECTIVITY:
portbindings.CONNECTIVITY_L2}
GOOD_MAPPINGS = {'fake_physical_network': 'fake_bridge'}
GOOD_TUNNEL_TYPES = ['gre', 'vxlan']
GOOD_CONFIGS = {'bridge_mappings': GOOD_MAPPINGS,
'integration_bridge': 'br-int',
portbindings.OVS_HYBRID_PLUG: False,
'tunnel_types': GOOD_TUNNEL_TYPES}
AGENTS = [{'alive': True,
'configurations': GOOD_CONFIGS,
'host': 'host'}]
def setUp(self):
cfg.CONF.set_override('enable_security_group',
False,
@ -133,17 +144,6 @@ class OpenvswitchMechanismHybridPlugTestCase(OpenvswitchMechanismBaseTestCase):
return base.FakePortContext(self.AGENT_TYPE, agents, segments,
vnic_type=self.VNIC_TYPE)
def test_backward_compat_with_unreporting_agent(self):
hybrid = portbindings.OVS_HYBRID_PLUG
# agent didn't report so it should be hybrid based on server config
context = self._make_port_ctx(self.AGENTS)
self.driver.bind_port(context)
self.assertTrue(context._bound_vif_details[hybrid])
self.driver.vif_details[hybrid] = False
context = self._make_port_ctx(self.AGENTS)
self.driver.bind_port(context)
self.assertFalse(context._bound_vif_details[hybrid])
def test_hybrid_plug_true_if_agent_requests(self):
hybrid = portbindings.OVS_HYBRID_PLUG
# set server side default to false and ensure that hybrid becomes
@ -240,11 +240,11 @@ class OpenvswitchMechanismDPDKTestCase(OpenvswitchMechanismBaseTestCase):
GOOD_TUNNEL_TYPES = ['gre', 'vxlan']
VHOST_CONFIGS = {'bridge_mappings': GOOD_MAPPINGS,
'integration_bridge': 'br-int',
'tunnel_types': GOOD_TUNNEL_TYPES,
'datapath_type': a_const.OVS_DATAPATH_NETDEV,
'ovs_capabilities': {
'iface_types': [a_const.OVS_DPDK_VHOST_USER]}}
'integration_bridge': 'br-int',
'tunnel_types': GOOD_TUNNEL_TYPES,
'datapath_type': a_const.OVS_DATAPATH_NETDEV,
'ovs_capabilities': {
'iface_types': [a_const.OVS_DPDK_VHOST_USER]}}
VHOST_SERVER_CONFIGS = {'bridge_mappings': GOOD_MAPPINGS,
'integration_bridge': 'br-int',

@ -0,0 +1,9 @@
---
upgrade:
- |
The configuration option ``firewall_driver`` is no longer used by
neutron-server, it only applies to the L2 agent.
This was required for backward-compatibility for hybrid plugging,
but since the Newton release the L2 agent has been able to report
hybrid plugging is needed in it's report message back to the
server.
Loading…
Cancel
Save